A distributed-denial-of-service attack in Europe highlights the need for Internet service providers to implement security best practices to prevent future incidents and protect their users, ENISA's Thomas Haeberlen says.
Breach statistics for 2012 show DDoS attacks dramatically increased in all sectors, says Verizon's Dave Ostertag. "If your organization, company or agency has a presence on the Internet, you're a potential victim now."
"Organizations have to be able to develop their security plans that really talk to their specific mission," National Institute of Standards and Technology's Ron Ross says. "The overlay concept is introduced to allow that specialization."
A House Appropriations Committee bill would earmark $786 million for Department of Homeland Security cybersecurity operations in fiscal 2014. That's $24 million less than President Obama seeks, but 4 percent more than this year's appropriation.
As a result of a major breach of the state's tax system, South Carolina is considering creating a federated model of IT security governance. The plan would create a central organization to determine policies, with individual agencies implementing them.
Ronald Sanders says it isn't easy to answer the question of whether the information security field should be professionalized. The former human capital officer at the Office of the Director of National Intelligence explains why.
Malware attacks against retailers are becoming more common. Many breaches linked to these attacks could be prevented, experts say, if merchants took more steps to lock down networks and point-of-sale devices.
A key difference between state-sponsored espionage and organized criminals or hacktivists is the level of persistence and determination to break through defenses. Here's advice from security experts on defending against nation-state attacks.